CVE-2008-3479

EPSS 73.44%
Published 15.10.2008 00:12:15
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000 Updatesp4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	73.44%	0.988

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://marc.info/?l=bugtraq&m=122479227205998&w=2

http://www.us-cert.gov/cas/techalerts/TA08-288A.html

US Government Resource

http://dvlabs.tippingpoint.com/advisory/TPTI-08-07

Patch

http://secunia.com/advisories/32260

Patch

Vendor Advisory

http://www.securityfocus.com/bid/31637

Patch

http://www.securitytracker.com/id?1021052

http://www.vupen.com/english/advisories/2008/2816